Feature Overview

Forensic State Analysis (FSA)

Infocyte HUNT is an agentless threat hunting solution that utilizes Forensic State Analysis (FSA) to perform deep host inspections of devices. Unlike analytics (UEBA) solutions, Infocyte pulls its own primary forensic data (rather than relying on existing security/information logs from sensors — IDS, AV, EDR, etc. — that failed to alert on the attack in the first place).

The log analysis approach to threat hunting is expensive, difficult to manage, time-consuming, and error-prone. Log analysis threat hunting requires in-depth knowledge of adversary tactics and of how those tactics present themselves in the logs of your security solutions.

Next, FSA identifies any manipulation of the operating system (OS) or of active processes, e.g., what a rootkit does to hide its presence, or what an insider threat might do to disable the system's security controls. This reveals things like a manipulated OS configuration setting, or an API call hooked by a rogue or hidden process within volatile memory, i.e., a rootkit.

This is starkly different from the behavior analysis techniques used by Endpoint Detection and Response (EDR) or User Behavior Analytics (UBA) products, which only record the changes to a system or network as events, e.g., a new process spawning, a registry key change, or a user elevating privileges. FSA digs much deeper.

Perhaps the most important requirement for a successful state analysis of a compromised device (or endpoint) is the ability to bypass anti-forensics techniques. This is accomplished by digging into higher-level Operating System APIs and working directly with volatile memory structures — both of which Infocyte HUNT does, automatically.

The Infocyte HUNT Advantage

Infocyte HUNT does not replace the need for centralized logging or real-time behavior monitoring. On the contrary, these endpoint security tools are highly complementary.

Rather, HUNT fills the gap in post-compromise detection by providing the capabilities to audit, assess, and validate what and who is on all the hosts in your network.

For the mature enterprise Security Operations Center (SOC) already doing threat hunting, Infocyte HUNT lets you move away from the custom scripts and other one-host-at-a-time DFIR processes you use to validate the suspicious behaviors your team detects, and automates the threat hunting process.

With Infocyte HUNT’s FSA methodology you can iteratively and effectively sweep every endpoint to find entrenched threats and beachheads capable of penetrating your existing cybersecurity defenses.

HUNT provides the best approach to hunting persistent threats, because it is:

Easy to use

Independently conclusive

Highly cost-effective

Learn more about Forensic State Analysis and Infocyte HUNT's unique approach to finding hidden and persistent threats.